package cn.gwpay.cloud.module.infra.framework.security.config;

import cn.gwpay.cloud.framework.security.config.AuthorizeRequestsCustomizerInterface;
import cn.gwpay.cloud.framework.web.config.WebProperties;
import cn.gwpay.cloud.module.system.enums.ApiConstants;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import javax.annotation.Resource;

/**
 * Infra 模块的 Security 配置
 */
@Configuration(proxyBeanMethods = false, value = "infraSecurityConfiguration")
public class SecurityConfiguration {

    @Value("${spring.boot.admin.context-path:''}")
    private String adminSeverContextPath;
    @Bean("systemAuthorizeRequestsCustomizer")
    public AuthorizeRequestsCustomizerInterface authorizeRequestsCustomizer() {
        return registry -> {
            // Swagger 文档
            registry.antMatchers("/v3/api-docs/**").permitAll();
            registry.antMatchers("/webjars/**").permitAll();
            registry.antMatchers("/swagger-ui").permitAll();
            registry.antMatchers("/swagger-ui/**").permitAll();

            // Druid 监控
            registry.antMatchers("/druid/**").permitAll();

            // Actuator 端点
            registry.antMatchers("/actuator").permitAll();
            registry.antMatchers("/actuator/**").permitAll();
// Spring Boot Admin Server 的安全配置
            registry.antMatchers(adminSeverContextPath).permitAll()
                    .antMatchers(adminSeverContextPath + "/**").permitAll();
            // 文件读取
            registry.antMatchers(buildAdminApi("/infra/file/*/get/**")).permitAll();
            // RPC 接口
            registry.antMatchers(ApiConstants.PREFIX + "/**").permitAll();
        };
    }

    @Resource
    private WebProperties webProperties;

    private String buildAdminApi(String url) {
        return   webProperties.getAdminApi().getPrefix() + url;
    }
}
